Class TlsConfig.Builder

java.lang.Object
com.loomcache.common.config.TlsConfig.Builder
Enclosing class:
TlsConfig

public static final class TlsConfig.Builder extends Object
Builder for TlsConfig with validation.
  • Constructor Details

    • Builder

      public Builder()
  • Method Details

    • enabled

      public TlsConfig.Builder enabled(boolean enabled)
      Enable or disable TLS.
      Parameters:
      enabled - true to enable TLS
      Returns:
      this builder
    • keyStorePath

      public TlsConfig.Builder keyStorePath(@Nullable Path path)
      Set the keystore path.
      Parameters:
      path - the path to the keystore file
      Returns:
      this builder
    • keyStorePath

      public TlsConfig.Builder keyStorePath(String path)
      Set the keystore path.
      Parameters:
      path - the path string to the keystore file
      Returns:
      this builder
    • keyStorePassword

      public TlsConfig.Builder keyStorePassword(String password)
      Set the keystore password.
      Parameters:
      password - the keystore password (must not be null)
      Returns:
      this builder
    • keyStoreType

      public TlsConfig.Builder keyStoreType(String type)
      Set the keystore type (PKCS12 or JKS).
      Parameters:
      type - the keystore type (must not be null)
      Returns:
      this builder
    • trustStorePath

      public TlsConfig.Builder trustStorePath(@Nullable Path path)
      Set the truststore path.
      Parameters:
      path - the path to the truststore file
      Returns:
      this builder
    • trustStorePath

      public TlsConfig.Builder trustStorePath(String path)
      Set the truststore path.
      Parameters:
      path - the path string to the truststore file
      Returns:
      this builder
    • trustStorePassword

      public TlsConfig.Builder trustStorePassword(String password)
      Set the truststore password.
      Parameters:
      password - the truststore password (must not be null)
      Returns:
      this builder
    • trustStoreType

      public TlsConfig.Builder trustStoreType(String type)
      Set the truststore type (PKCS12 or JKS).
      Parameters:
      type - the truststore type (must not be null)
      Returns:
      this builder
    • requireClientAuth

      public TlsConfig.Builder requireClientAuth(boolean require)
      Require client authentication (mTLS).
      Parameters:
      require - true to require client authentication
      Returns:
      this builder
    • protocols

      public TlsConfig.Builder protocols(List<String> protocols)
      Set the TLS protocols to enable.
      Parameters:
      protocols - the list of protocol names (must not be null)
      Returns:
      this builder
    • protocols

      public TlsConfig.Builder protocols(String... protocols)
      Set the TLS protocols to enable.
      Parameters:
      protocols - the protocol names (must not be empty)
      Returns:
      this builder
    • cipherSuites

      public TlsConfig.Builder cipherSuites(List<String> suites)
      Set the cipher suites to enable.
      Parameters:
      suites - the list of cipher suite names (must not be null)
      Returns:
      this builder
    • cipherSuites

      public TlsConfig.Builder cipherSuites(String... suites)
      Set the cipher suites to enable.
      Parameters:
      suites - the cipher suite names
      Returns:
      this builder
    • provider

      public TlsConfig.Builder provider(TlsProvider provider)
      Set the TLS provider.
      Parameters:
      provider - the provider to use
      Returns:
      this builder
    • provider

      public TlsConfig.Builder provider(String provider)
      Set the TLS provider from configuration text.
      Parameters:
      provider - provider value (JDK, JSSE, OPENSSL, BORINGSSL, OPENSSL_REFCNT)
      Returns:
      this builder
    • certExpirationWarningDays

      public TlsConfig.Builder certExpirationWarningDays(int days)
      Set the number of days before expiration to warn.
      Parameters:
      days - the warning threshold in days
      Returns:
      this builder
    • certExpirationCriticalDays

      public TlsConfig.Builder certExpirationCriticalDays(int days)
      Set the number of days before expiration at which to trigger a critical alert.
      Parameters:
      days - the critical threshold in days
      Returns:
      this builder
    • revocationCheckingEnabled

      public TlsConfig.Builder revocationCheckingEnabled(boolean enabled)
      Enable or disable certificate revocation checking (CRL/OCSP). When enabled, certificates are checked against CRL distribution points and OCSP responders embedded in the certificate chain.
      Parameters:
      enabled - true to enable revocation checking
      Returns:
      this builder
    • revocationSoftFail

      public TlsConfig.Builder revocationSoftFail(boolean softFail)
      Set revocation checking mode. When true (default), CRL/OCSP fetch failures are tolerated (soft-fail), so a certificate whose revocation status cannot be retrieved is still accepted. When false, any fetch failure rejects the certificate (hard-fail: stricter security, but requires reachable CRL/OCSP infrastructure).
      Parameters:
      softFail - true for soft-fail, false for hard-fail
      Returns:
      this builder
    • acceptTimeoutMs

      public TlsConfig.Builder acceptTimeoutMs(int timeoutMs)
      Set the accept timeout (SO_TIMEOUT) applied to the TLS server socket. The accept loop wakes on each timeout to honor shutdown signals.
      Parameters:
      timeoutMs - timeout in milliseconds (must be > 0)
      Returns:
      this builder
    • build

      public TlsConfig build()
      Build the TlsConfig with validation.
      Returns:
      a new TlsConfig
      Throws:
      IllegalArgumentException - if validation fails
    • buildUnchecked

      public TlsConfig buildUnchecked()
      Build without file existence validation (for testing or deferred setup).
      Returns:
      a new TlsConfig
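
The builder methods documented above, combined into a server configuration that requires mTLS and uses hard-fail revocation checking. This is an added example, not code from the LoomCache project. The file paths, environment variable names and threshold values are placeholders, and it is an assumption that the builder accepts the standard JSSE protocol and cipher suite names used here.

```java
import com.loomcache.common.config.TlsConfig;
import java.nio.file.Path;

public final class HardenedTlsExample {

    // Read secrets from the environment so they never sit in source or config files.
    // The variable names passed in below are assumptions made for this example.
    static String requiredEnv(String name) {
        String value = System.getenv(name);
        if (value == null || value.isEmpty()) {
            throw new IllegalStateException("missing environment variable " + name);
        }
        return value;
    }

    static TlsConfig hardenedServerConfig() {
        return new TlsConfig.Builder()
                .enabled(true)
                // Placeholder paths. build() validates the configuration;
                // buildUnchecked() would skip the file existence check.
                .keyStorePath(Path.of("/etc/loomcache/tls/server.p12"))
                .keyStorePassword(requiredEnv("LOOMCACHE_KEYSTORE_PASSWORD"))
                .keyStoreType("PKCS12")
                .trustStorePath(Path.of("/etc/loomcache/tls/clients-ca.p12"))
                .trustStorePassword(requiredEnv("LOOMCACHE_TRUSTSTORE_PASSWORD"))
                .trustStoreType("PKCS12")
                .requireClientAuth(true)               // mTLS: clients must present a certificate
                .protocols("TLSv1.3", "TLSv1.2")       // assumed JSSE protocol names
                .cipherSuites("TLS_AES_256_GCM_SHA384",
                              "TLS_AES_128_GCM_SHA256",
                              "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384")
                .provider("JDK")
                .revocationCheckingEnabled(true)
                .revocationSoftFail(false)             // hard-fail: unreachable CRL/OCSP rejects the cert
                .certExpirationWarningDays(30)         // constructed thresholds
                .certExpirationCriticalDays(7)
                .acceptTimeoutMs(1000)                 // must be > 0
                .build();
    }

    public static void main(String[] args) {
        try {
            TlsConfig config = hardenedServerConfig();
            System.out.println("TLS configuration built: " + config);
        } catch (IllegalArgumentException e) {
            // Fail closed: do not start a listener with an invalid TLS configuration.
            System.err.println("TLS configuration rejected: " + e.getMessage());
            System.exit(1);
        }
    }
}
```

With `revocationSoftFail(false)`, confirm that the CRL distribution points and OCSP responders named in the client certificates are reachable from the server before deploying, since any fetch failure rejects the handshake.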